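# .github/workflows/security.yml (prebid-server v2.18.0)
#
# Scans the repository filesystem with Trivy and uploads the SARIF report
# to GitHub code scanning.
name: Security Check

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
    # Pull requests are scanned only when go.mod changes; a PR that touches
    # other dependency inputs alone does not trigger this workflow.
    paths:
      - go.mod

# Least privilege for GITHUB_TOKEN: read the repository, write code-scanning
# results. Without an explicit block the token gets the repository or
# organization default, which may be broader than this workflow needs.
permissions:
  contents: read
  security-events: write

jobs:
  build:
    name: Trivy
    # NOTE(review): confirm this hosted runner image is still offered by
    # GitHub; older Ubuntu images are retired over time.
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # Resolves to empty string for push events and falls back to HEAD.
          ref: ${{ github.event.pull_request.head.sha }}
          # No later step uses git with credentials, so do not leave the
          # token in the checked-out repository's git config.
          persist-credentials: false

      - name: Run Trivy
        # NOTE(review): `@master` is a mutable ref, so whatever is pushed to
        # that branch runs here with this job's token. Pin to a reviewed
        # full-length commit SHA (`aquasecurity/trivy-action@<full-commit-sha>`)
        # and update the pin deliberately.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          # Findings with no available fix are left out of the report.
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          # Only CRITICAL and HIGH findings are reported. No `exit-code` is
          # set, so findings presumably do not fail the job; they surface
          # only through the uploaded report (confirm against the action's
          # defaults).
          severity: 'CRITICAL,HIGH'

      - name: Upload Results To GitHub Security Tab
        # Needs `security-events: write`. On pull requests from forks the
        # token is read-only, so this upload is expected to fail there.
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'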